[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Duane Wessels wessels at packet-pushers.com
Fri May 23 15:24:37 UTC 2008



On Fri, 23 May 2008, Daniel Karrenberg said:

> Again: What is the real extent of this problem?
>
> The problem manifests itself only for those users who do not follow
> long established best practices and do not do so for a long time.
> And even those losers would only really lose if someone was to
> publish a different root zone on one of the old addresses.
> Do we really need to provide solutions for this class of users and
> for that -so far- hypothetical case?  Wouldn't there be other, easier

I guess for me there is another very important aspect to this
problem.  In this case, multiple third parties were able to announce
routes for the root server address and receive queries.  According
to what Robert Edmonds showed us, AS 42909 was announcing 198.32.64.0/24
from 2007-12-15 until 2008-05-17.  Five months and nobody noticed!

Now granted this was the old address and they were answering honestly,
but the stream of query data they received has huge value to people
in the DNS monetization business (and others).

Duane W.


